26/02/2016 META ACCESS MANAGEMENT SYSTEM A Ship on the Grid – Interoperability between Shibboleth and the Grid – Dr. Erik Vullings Programme Manager Macquarie.

Presentation transcript:

Slide 1: A Ship on the Grid – Interoperability between Shibboleth and the Grid – Dr. Erik Vullings, Programme Manager, Macquarie University E-Learning Centre of Excellence (MELCOE), Australia

Slide 2: Backing Australia’s Ability
DEST founded ARIIC to guide the first round of SII projects:
- Australian Digital Thesis (ADT)
- Australian Partnership for Sustainable Repositories (APSR)
- Australian Research Repositories Online to the World (ARROW)
- Meta Access Management System (MAMS)
- Financed by DEST till the end of 2006 (3y, $4.2 million ~ €2,7m)
FRODO (Federated Repositories of Digital Objects)

Slide 3: Single Sign-On, Digital Identity Mgmt, Federated Identity Mgmt, Access Control, Provisioning, Federated search, Legacy plug-ins

Slide 4: Projects I won’t spend a slide on…
- Australian InQueue-like Federation
- Easy Install CD, incl. registration
- Mini-grant program: Shibbolizing SPs
- Shibbolizing GridSphere, DSpace, Zope/Plone, Wiki...
- Institutional Repository WebGUI
- Fedora with XACML
- Virtual Librarian Service
- Use Shibboleth to validate IM service
- XACML editor for repository policies
- XML-free interface

Slide 5: Attribute Release Policies
When I visit an SP, how do I present myself?
[Figure labels: Reference #; Staff at Macquarie Uni; Erik Vullings; +61-(0) MQ]

Slide 6: Different cards open different doors – Attributes give access to Features –
[Figure labels: Reference #; Staff at Macquarie Uni; Erik Vullings; +61-(0) MQ]
- Enables access to repository
- Allows me to rank material
- Allows me to add comments

Slide 7: Different cards open different doors – Services & Service Level –

Slide 8: Multiple Attribute Authority (Join SAML assertions as SP)
Visit other IdP/AA and return

Slide 9: AuthN federated Search (AFS) (Delegated SAML Profile?)
[Figure: "Old" and "New" flow diagrams. Components: University Staff member, FS, IdP, AFS, Repository i, Attribute Mngr, Search. Labels: Access, Query.]
Steps shown in the figure:
1 Login via WAYF & IdP
2a Create User Shib session (bypass WAYF)
2b Target=SessionMngr/SessionID
3 Query + SessionID

Slide 10: Shibbolizing MyProxy (with Jim Basney & Von Welch)
[Figure: "Old" and "New" flow diagrams. Components: University Staff member, IdP, GS Portal, MyProxy, MyProxy Server, Attribute Mngr. Labels: Login with Username1 & pwd1; Username2 & pwd2.]
Steps shown in the figure:
1 Login via WAYF & IdP
2a Create User Shib session (bypass WAYF)
2b Target=SessionMngr/SessionID
3 Get proxy cert + SessionID

Slide 11: Virtual Organisation (Attribute Authority)
[Figure: flow diagram with numbered steps 1 to 5. Components: University Staff member; SP (User session, Attribute Requester); IdP (LDAP directory, Attribute Authority); VO AA (VO members); WAYF; SP AR; IdP AA; LDAP (session); Claim Transformation Service (CTS). Labels: Credentials; Request access; 2 Redirect; 4 IdP attributes; 5 IdP+VO attributes.]
Notes:
1. At step 4 and 5, mapping of attr. names and values can take place.
2. Typical VO attr. are entitlements, such as ethnicity, IEEE fellow, etc.
3. Extendable between federations

Slide 12: [Figure labels: Federation A (Fa), Federation B (Fb), IdP, SP, CTS, WAYF, Fed2Fed SSO]
Legend:
CTS: Claim Transformation Service
WAYF: Where Are You From
IdP: Identity Provider
SP: Service Provider